Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/uTLyh0W8m68_V2bMQcHtyK_zdWA.roa
File:                     uTLyh0W8m68_V2bMQcHtyK_zdWA.roa (raw, json)
Hash identifier:          2XUbaOIwLIl96z8qId5rz9LYBuQvv5k3VK/Av3lKN20=
Subject key identifier:   B9:32:F2:87:45:BC:9B:AF:3F:57:66:CC:41:C1:ED:C8:AF:F3:75:60
Certificate issuer:       /CN=d92cad11f12d86d18951cbd751ee5124f718951f
Certificate serial:       01942143CC53DE009099AD1B476C11450ED6
Authority key identifier: D9:2C:AD:11:F1:2D:86:D1:89:51:CB:D7:51:EE:51:24:F7:18:95:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/uTLyh0W8m68_V2bMQcHtyK_zdWA.roa
Signing time:             Wed 01 Jan 2025 09:47:58 +0000
ROA not before:           Wed 01 Jan 2025 09:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47277
IP address blocks:        193.3.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:cc:53:de:00:90:99:ad:1b:47:6c:11:45:0e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d92cad11f12d86d18951cbd751ee5124f718951f
        Validity
            Not Before: Jan  1 09:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b932f28745bc9baf3f5766cc41c1edc8aff37560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c3:e8:a4:23:82:e9:87:82:74:29:70:ba:b2:
                    66:83:cc:05:ec:18:65:24:10:72:78:97:8f:1a:fa:
                    6e:c4:63:af:a3:5b:d4:68:5a:96:30:d9:c5:70:8b:
                    45:22:41:e4:1a:95:e1:74:68:7a:36:43:73:8d:83:
                    48:13:a0:4d:fa:5e:af:ed:2e:2e:96:4f:1e:86:ed:
                    2c:f0:7f:fa:bf:c9:f7:97:e0:0e:9d:31:b0:c9:93:
                    9f:3f:b5:5c:9c:5c:89:5d:f5:29:58:f7:25:ec:2f:
                    11:5c:3c:d2:f3:a5:e1:db:48:98:ef:7e:6f:c5:ae:
                    4a:2b:c6:dc:da:09:1a:04:2d:11:a0:87:22:d0:19:
                    de:b9:43:d3:18:e0:a8:7e:d8:d5:43:2a:41:1e:cb:
                    65:14:06:b4:73:58:94:b1:c3:52:05:f2:43:78:c7:
                    04:4a:3f:84:7f:22:21:ab:7e:34:e8:a7:c7:28:99:
                    5a:04:3b:62:c9:e1:66:a1:62:93:e4:31:57:cb:27:
                    91:22:4e:4d:24:0b:de:30:d3:cb:1e:0a:da:b8:67:
                    6e:3e:3e:b2:12:e0:7f:bf:2d:12:ef:c4:62:2f:e9:
                    ce:85:91:91:78:6e:80:b6:9d:fa:af:e8:de:eb:c2:
                    eb:9c:19:a8:da:78:59:04:e5:75:61:1d:a6:af:22:
                    cc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:32:F2:87:45:BC:9B:AF:3F:57:66:CC:41:C1:ED:C8:AF:F3:75:60
            X509v3 Authority Key Identifier:
                keyid:D9:2C:AD:11:F1:2D:86:D1:89:51:CB:D7:51:EE:51:24:F7:18:95:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/uTLyh0W8m68_V2bMQcHtyK_zdWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:78:f6:bf:a6:c5:bf:26:40:32:06:84:0c:e4:fc:1c:56:e4:
         69:8f:4e:5f:79:23:45:7c:1c:bf:e9:58:c5:59:71:58:6d:52:
         81:69:28:4c:1e:25:0b:9e:ff:69:51:24:c8:ea:b6:07:79:ab:
         14:03:0d:61:00:d3:91:57:d0:83:de:ef:3b:ee:c2:56:bb:cd:
         5e:dc:62:6f:d7:38:6c:3a:4f:c7:a7:e1:f8:78:e7:52:f5:d0:
         15:d5:4d:b8:ec:e9:e3:ec:46:08:7f:e2:24:cb:a0:01:52:bb:
         19:c1:ca:6d:61:4c:19:57:6c:c9:aa:82:9b:69:bf:16:37:f0:
         8c:f5:5f:a8:27:3c:55:2c:e2:fc:df:b6:68:7c:f3:60:26:76:
         0a:90:9a:aa:f5:5d:88:97:f0:f6:7f:1a:30:70:15:44:2d:ae:
         e8:ff:ea:17:6a:9b:59:7d:80:12:9c:77:ba:dc:85:4b:3d:08:
         73:46:f8:17:e1:89:86:f9:61:7c:a6:7b:3d:35:43:39:ae:fb:
         bb:03:43:6f:9c:93:bb:0e:d0:c6:af:25:7d:b8:22:55:d1:5e:
         84:ba:46:49:54:df:df:ed:19:5a:f5:70:b3:6e:cc:31:4c:51:
         69:56:46:cc:15:6a:a0:b5:9d:0a:df:6e:9f:a0:40:8b:0f:0a:
         76:69:f6:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8xT3gCQma0bR2wRRQ7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MmNhZDExZjEyZDg2ZDE4OTUxY2JkNzUxZWU1MTI0Zjcx
ODk1MWYwHhcNMjUwMTAxMDk0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTMyZjI4NzQ1YmM5YmFmM2Y1NzY2Y2M0MWMxZWRjOGFmZjM3NTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcPopCOC6YeCdClwurJmg8wF7Bhl
JBByeJePGvpuxGOvo1vUaFqWMNnFcItFIkHkGpXhdGh6NkNzjYNIE6BN+l6v7S4u
lk8ehu0s8H/6v8n3l+AOnTGwyZOfP7VcnFyJXfUpWPcl7C8RXDzS86Xh20iY735v
xa5KK8bc2gkaBC0RoIci0BneuUPTGOCoftjVQypBHstlFAa0c1iUscNSBfJDeMcE
Sj+EfyIhq3406KfHKJlaBDtiyeFmoWKT5DFXyyeRIk5NJAveMNPLHgrauGduPj6y
EuB/vy0S78RiL+nOhZGReG6Atp36r+je68LrnBmo2nhZBOV1YR2mryLM0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLky8odFvJuvP1dmzEHB7civ83VgMB8GA1UdIwQY
MBaAFNksrRHxLYbRiVHL11HuUST3GJUfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlN5dEVmRXRodEdKVWN2WFVlNVJKUGNZbFI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8wOWJkOTEtNWUxOC00MjEzLTgwNTMt
MWIwM2ZkYmEwYTI0LzEvdVRMeWgwVzhtNjhfVjJiTVFjSHR5S196ZFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8wOWJkOTEtNWUxOC00MjEzLTgwNTMtMWIwM2ZkYmEwYTI0
LzEvMlN5dEVmRXRodEdKVWN2WFVlNVJKUGNZbFI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQOAMA0G
CSqGSIb3DQEBCwUAA4IBAQA4ePa/psW/JkAyBoQM5PwcVuRpj05feSNFfBy/6VjF
WXFYbVKBaShMHiULnv9pUSTI6rYHeasUAw1hANORV9CD3u877sJWu81e3GJv1zhs
Ok/Hp+H4eOdS9dAV1U247Onj7EYIf+Iky6ABUrsZwcptYUwZV2zJqoKbab8WN/CM
9V+oJzxVLOL837ZofPNgJnYKkJqq9V2Il/D2fxowcBVELa7o/+oXaptZfYASnHe6
3IVLPQhzRvgX4YmG+WF8pns9NUM5rvu7A0NvnJO7DtDGryV9uCJV0V6EukZJVN/f
7Rla9XCzbswxTFFpVkbMFWqgtZ0K326foECLDwp2afZL
-----END CERTIFICATE-----